GitHub Actions: Prevent GitHub Actions from approving pull requests

We have introduced a new policy setting that controls whether GitHub Actions can approve pull requests. This protects against a user using Actions to satisfy the "Required approvals" branch protection requirement and merging a change that was not reviewed by another user.

To prevent breaking existing workflows, "Allow GitHub Actions reviews to count towards required approval" is enabled by default. However, an organization admin can disable it under the organization's Actions settings.

GitHub is updating the retention policy as it pertains to Checks data. Checks created by GitHub Actions and third-party GitHub Apps will be affected by the new retention policy.

Starting on February 14th, 2022, GitHub will begin archiving detailed checks data older than 400 days. As part of the archiving process, we will create a rollup commit status representing the state of all checks for that commit. As a consequence, the merge box in any pull request with archived required checks will be in a blocked state, and checks will need to be rerun in order to merge it.

Learn more about checks

While renewing GitHub Actions SSL certificates, an unexpected change in the intermediate certificate authority broke workflows using OpenID Connect (OIDC) based deployment to AWS.

To fix the issue, follow these steps:

  1. In the AWS Console, go to IAM -> Identity Providers
  2. Open the provider(s) for token.actions.githubusercontent.com
  3. Click Manage under Thumbprints
  4. Add the thumbprint 6938fd4d98bab03faadb97b34396831e3780aea1

We’re continuing to investigate to ensure this issue does not recur.

Learn more about using OIDC with GitHub Actions.
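For accounts with many identity providers, the check behind the steps above can be scripted. The following is an added example, not code from GitHub or AWS: it takes provider descriptions in the shape returned by `aws iam get-open-id-connect-provider` (keyed by ARN) and returns, for each GitHub Actions provider missing the new thumbprint, the complete list to submit. Existing entries are preserved because the IAM thumbprint update operation replaces the list rather than appending to it. The function names, account IDs and the `OLD` thumbprint are constructed for illustration.

```python
import re

GITHUB_OIDC_HOST = "token.actions.githubusercontent.com"
REQUIRED_THUMBPRINT = "6938fd4d98bab03faadb97b34396831e3780aea1"  # from step 4 above


def _host(url):
    """Reduce an IAM provider Url to a bare lower-case host for comparison."""
    return re.sub(r"^https?://", "", url.strip().lower()).rstrip("/")


def _normalize(thumbprint):
    """Lower-case a SHA-1 thumbprint, dropping colons; reject anything else."""
    value = thumbprint.replace(":", "").strip().lower()
    if not re.fullmatch(r"[0-9a-f]{40}", value):
        raise ValueError(f"not a SHA-1 thumbprint: {thumbprint!r}")
    return value


def plan_thumbprint_updates(providers, required=REQUIRED_THUMBPRINT):
    """Map provider ARN -> complete thumbprint list to submit.

    Only GitHub Actions providers that lack `required` appear in the result.
    Existing thumbprints are kept because the update call replaces the list.
    """
    required = _normalize(required)
    plan = {}
    for arn, desc in providers.items():
        if _host(desc.get("Url", "")) != GITHUB_OIDC_HOST:
            continue  # some other identity provider; leave it alone
        # De-duplicate while keeping the original order.
        current = list(dict.fromkeys(_normalize(t) for t in desc.get("ThumbprintList", [])))
        if required not in current:
            plan[arn] = current + [required]
    return plan


# Constructed sample data: account IDs and OLD are placeholders, not real values.
OLD = "0123456789abcdef0123456789abcdef01234567"
SAMPLE_PROVIDERS = {
    "arn:aws:iam::111122223333:oidc-provider/token.actions.githubusercontent.com": {
        "Url": "token.actions.githubusercontent.com", "ThumbprintList": [OLD]},
    "arn:aws:iam::444455556666:oidc-provider/token.actions.githubusercontent.com": {
        "Url": "https://token.actions.githubusercontent.com",
        "ThumbprintList": [OLD, REQUIRED_THUMBPRINT.upper()]},
    "arn:aws:iam::111122223333:oidc-provider/idp.example.com": {
        "Url": "idp.example.com", "ThumbprintList": [OLD]},
}

if __name__ == "__main__":
    for arn, thumbprints in plan_thumbprint_updates(SAMPLE_PROVIDERS).items():
        print(arn, " ".join(thumbprints))
```

Each returned list is what would be passed as `--thumbprint-list` to `aws iam update-open-id-connect-provider-thumbprint` for that ARN.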
